Tag: trust evaluation

Source URL: https://alexwlchan.net/2025/github-actions-audit/ Source: Hacker News Title: Whose code am I running in GitHub Actions? Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a recent security issue with the tj-actions/changed-files GitHub Action, highlighting the risks of mutable Git tags as opposed to immutable commit references in CI/CD processes. It emphasizes the…